Starting from 15 April 2010 our CVD will contain a special signature which disables all clamd installations older than 0.95 – that is to say older than 1 year. We plan to start releasing signatures which exceed the 980 bytes limit on May 2010.

Will it affect future upgrade of the ZCS version, if we upgrade ClamAV manually as discussed on the wiki page ClamAV - Updating Version - Zimbra :: Wiki. As of now an upgrade of ZCS is not possible, so need to keep the current version for some more time.

Recently the domain open-whois.org, who once provided Relay Blacklist services, expired. Once it expired it was free to be registered by anyone who wished to pay to purchase the domain. It appears that whoever purchased the domain did so with malicious intent. The open-whois.org RBL is now blacklisting every IP on the internet, which means no matter your provider, it's listed on this blacklist and anyone using this blacklist is now likely to be seeing a vast increase in false positive spam.

Fixed in 5.0.23+ For other versions you may workaround this issue by modifying the following files and removing or commenting references to OPENWHOIS:
/opt/zimbra/conf/spamassassin/STATISTICS-set1.txt
/opt/zimbra/conf/spamassassin/STATISTICS-set3.txt
/opt/zimbra/conf/spamassassin/active.list
/opt/zimbra/conf/spamassassin/50_scores.cf
/opt/zimbra/conf/spamassassin/72_active.cf

Script for the fix

following are the steps which worked for us..we had to patch a lots of machines so this kind of automated the fix for us.

-----------------------------------------------------------------------------------------This fix/instructions only for RHEL 5 32bit or CentOS 5 32bit due to the download link
if you fix the download link as per WIKI link above for your install then other instructions should work as is

* following is the edited version..to fix the ArchiveMaxFileSize issue in some clamav.conf.in file which is different in some zimbra versions.
-----------------------------------------------------------------------------------------

-----------------------------------------------------------------------------------------check the output of logs to see if everything worked ok
-----------------------------------------------------------------------------------------

** update edit **
while enableing AV back i had the following command with CAPITAL "A" for Antivirus which is NOT correct it has to be all lower case
if you did the following BAD commandzmprov ms `zmhostname` +zimbraServiceEnabled Antivirus
then you will get the following outputStarting Antivirus...skipped.
missing or not executable.